How to Automate Infrastructure with Atlantis and Terraform
In this article, we will encroach on the sacred – Jenkins! But don’t get me wrong, we strongly appreciate Jenkins, it’s like a Swiss Army knife for any DevOps team. Jenkins is a powerful tool that helps us orchestrate any infrastructure we design. Even so, have you ever thought there might be something else? Well, there is – Atlantis, especially if we talk about infrastructure orchestration with Terraform. So, today we will discuss why Atlantis is helpful when we deal with infrastructure automation and orchestration with Terraform, but before we do, let’s talk about why IT companies need to automate their infrastructure.
Infrastructure automation: what are the benefits?
Automation of all levels of SDLC (software development life cycle) has become a trending matter across the IT teams when DevOps stepped on the IT scene. With DevOps, it became possible for teams to design, deploy and support new environments within minutes, not days or even weeks. Here are the main benefits you can get from automated infrastructure:
- Reduced Costs. Automated infrastructure releases teams from tedious, manual phases of software development and delivery processes, they focus on more creative tasks and organizations save on labor spending.
- Increased Efficiency. Automated processes are performed more effectively and accurately.
- Improved Reliability. Automated CI/CD significantly improves business agility, reliability, and ensures stable performance at all stages of SDLC.
- Boosted Velocity. Due to automation, time-to-market is significantly reduced and definitely has a very positive effect on customer’s experience.
- Improved Collaboration and Productivity. Automated processes help improve collaboration between teams, which leads to significant productivity improvement.
Does Jenkins have cons? No way!
Although Jankins was created as the open-source automation server that provides hundreds of plugins to support building, deploying, and automating, it’s mostly used for CD purposes. It’s impossible that Jenkins had drawbacks, but there are some issues. Let’s examine the infrastructure flow steps with Jenkins.
- Everything begins with a master (core) branch. We head to the Terraform git repo to create a master branch clone, amend it to implement Terraform configuration modifications, and commit/push them to the branch repo
- Then extend a pull request to the core branch
- Jenkins (in this case) starts running the terraform init/plan commands
- Jenkins alerts on the terraform plan implementation outcome
- DevOps engineer reviews / approves it
- Then the request is knitted into the core branch
- Jenkins runs the terraform apply from the core branch
- When it’s done, don’t forget to get rid of the clone branch.
Sounds simple and quite sweet, but what if the terraform apply crashes? I tell you what, you end up with a shuttered branch, the core branch, actually. New pulls cannot be performed until the previous failures are tackled and the terraform apply is victoriously performed. What about velocity? Not a good picture at all. With a couple of environments administered simultaneously, sometimes the waiting time extends to 15-20 min. Taking that rerunning the pulls is a time-consuming and hard-to-track process, teams cannot sync up which leads to productivity reduction. The icing on the cake is a must to create custom code if you need to set up any credentials, download Terraform plugins, or cleanse the workspace.
What is Atlantis?
Let’s start by explaining what Terraform is. First, the official definition from HashiCorp:
Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. Terraform can manage existing and popular service providers as well as custom in-house solutions.
In simple terms, Terraform empowers you with insight into how your infrastructure will be displayed on the cloud, in cooperation with any cloud provider, by the way. Due to Terraform’s simple syntax and omni-cloud congeniality, it’s our first-choice tool for IaC implementation.
What is Atlantis then? Atlantis is an open-source tool that allows you to securely collaborate on Terraform projects by verifying that recommended adjustments are addressed and that the planned modification is a current change that needs to be performed on your infrastructure. How does it work? You simply comment on the pull request and Atlantis starts operating the Terraform commands. Atlantis gets back to you on the pull request to display the terraform plan. With Atlantis operating the terraform apply, you can be sure your changes will be applied before the pull request joins the core branch. Basically, you can configure Atlantis to ask for approval before marrying your pull request with the core branch and automate this process at most. With Atlantis leveraging the atlantis.yaml file, you can avoid writing custom code.
Atlantis in force
Let’s examine the infrastructure flow steps with Atlantis.
- As always we get to the Terraform git repo and create a new branch master (core) clone, make necessary modifications, commit them and drive the branch to the repo
- Then we release a pull request to the core branch.
- With each new pull or commit set up, Atlantis will try to operate the terraform plan and get back to you with the terraform plan outcome.
- In case you want to perform a plan one more time, you just need to report on the pull with the Atlantis plan. Specific project plan requires atlantis plan -p <name of your project> formulation.
- With pull request confirming, comment on the pull request with the atlantis apply or atlantis apply -p <name of your project> in a specific project case.
- That’s it, Atlantis is operating the terraform apply now.
- Plus, Atlantis will auto-blend your changes to the core branch, as long as your changes were carefully checked and applied.
Final thoughts: Jenkins + Terraform or Atlantis + Terraform?
Well, it doesn’t really matter what combination Jenkins + Terraform or Atlantis + Terraform you choose — running CI/CD Terraform pipelines is far from being easy if you try to do it on your own. Fortunately, Jenkins, Atlantis, and other brilliant automation tools came to save the day. However, if Atlantis has become your choice, here are some tips for this project to work:
- Use Atlantis to run a PoC (proof of concept). You can do it locally.
- Identify the low-risk parts of the infrastructure that can be managed using the Atlantis workflow.
- Upskill developers performing a high-level knowledge transfer on Terraform
- Before applying the code in a production environment, double-check that DevOps engineers’ approval is required.
What’s good with Atlantis? It lets teams collaborate more effectively which has a definite positive effect on productivity. As for the velocity, no more time-wasting as opening a pull request, terraform plan and terraform apply takes moments. Plus, infrastructure changes can be performed in many environments simultaneously. One way or another, it’s up to you what Terraform automatization tool to choose. Both Jenkins and Atlantis are effective enough, but we thought it’s good for you to have options. If you have questions about IaC designing/performing or any other DevOps-linked issue, we are here to deal with it.